form error checking

[liamallan]

hey guys, i have recently created a form to post into mysql table, which works perfectly! until today, someone entered blank fields and still got posted to mysql table. i am now considering entering some error checking, but thing is i dont have a clue where to start lol

here is my form:

Code:

<form method="post" action="addscoutprocess.php">
      <div align="center">
        <p>Co-ordinates:<br>
          <input type="text" name="x" maxlength=3 size=2>&nbsp;<input type="text" name="y" maxlength=3 size=2>
          <br>
          Lord Name:<br><font size='2'>(type NPC if scouting a NPC)</font><br>
          <input type="text" name="lordname">
          <br>
          Alliance:<br>
          <input type="text" name="alliance">
          <br>
          XML URL:<br><font size='2'>(can be found at bottom of evony scout report)</font><br>
          <input type="text" name="xmlurl" maxlength=150>

          </p>
        <p>
          
          <input type="submit" name="Submit" value="Submit">
        </p>
      </div>
    </form>

and here is my process:

PHP Code:

<?php
if (isset($_REQUEST['Submit'])) {
# THIS CODE TELL MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE
$sql = "INSERT INTO $db_table(x,y,lordname,alliance,xmlurl) values ('".mysql_real_escape_string(stripslashes($_REQUEST['x']))."','".mysql_real_escape_string(stripslashes($_REQUEST['y']))."','".mysql_real_escape_string(stripslashes($_REQUEST['lordname']))."','".mysql_real_escape_string(stripslashes($_REQUEST['alliance']))."','".mysql_real_escape_string(stripslashes($_REQUEST['xmlurl']))."')";
if($result = mysql_query($sql ,$db)) {
echo '<h1>Thank you</h1>Your Scout Report has been added successfully!<br><br>';

echo "[<a href='addscout.php'>Add Another Scout Report</a>] [<a href='viewscout.php'>View Scout Reports</a>]";
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>
<form method="post" action="addscoutprocess.php">
      <div align="center">
        <p>Co-ordinates:<br>
          <input type="text" name="x" maxlength=3 size=2>&nbsp;<input type="text" name="y" maxlength=3 size=2>
          <br>
          Lord Name:<br><font size='1'>(type NPC if scouting a NPC)</font><br>
          <input type="text" name="lordname">
          <br>
          Alliance:<br>
          <input type="text" name="alliance">
          <br>
          XML URL:<br><font size='1'>(can be found at bottom of evony scout report)</font><br>
          <input type="text" name="xmlurl" maxlength=150>

          </p>
        <p>
          
          <input type="submit" name="Submit" value="Submit">
        </p>
      </div>
    </form>      
<div align="center">
  <?php
}
?>

Ideally, i NEED Coordinates (x and y), lordname and xmlurl
i would be grateful if anyone could help, thanx!

[djr33]

Here's the basic way to write this, but every form is different. Aside from actually making it for you, a general overview is the best way:

1. It is best (easiest) if there is a single page that has 3 possible versions: 1. original form, 2. original form + displaying errors, 3. confirmation page after form is submitted WITHOUT errors.

2. At the top of your page, check if any data was sent. If yes, go to (3). If no, go to (4)

3. Verify all of the data. Check fields individually based on whatever you want. For example if(isset($_POST['field'])). If you find any INCORRECT data, store an error message.

3b. For the error messages, you can just say "check the data" or you can actually have specific errors for specific parts. I suggest storing each error into an array and displaying: "Fix the following errors: [array part 1], [array part 2], ...."

3c. If no errors were found (if (!isset($errors))), then you can skip to (5).

4. This is your form. If $errors is set, then display the errors (either at the top or next to the fields). For each field, echo the value back into the field:
<input type="text" name="x" value="<?php if (isset($_POST['x'])) { echo $_POST['x']; } ?>">
Aside from that, this form will be normal, but just make sure that you do fill into any sent data (because if errors were found you don't want your visitor to have to retype everything) and that the errors are displayed somewhere. Of course if no errors are found (and thus no form was submitted-- since otherwise it would skip the form) then nothing unusual will happen, so on the first load it'll be the default.
In this case, do not perform (5).

5. The data has now been verified. Process the data: send the email, add data to the database, etc. Display a confirmation page that the form was submitted correctly.



Here's a basic overview of how the page will be structured:

PHP Code:

//CHECK FOR ERRORS
//set $errors if you find an error
//END ERRORS
if (isset($errors)||!isset($_POST['requiredfield'])) {
 ///display the form
//remember:
//1. display errors somehwere here if they are set
//2. echo the submitted post data back to the fields if it was sent
}
else {
 ///process the data
echo 'It was submitted. Thanks!';
} 


[liamallan]

i think i understand most of what ur saying, but how do i go about 'setting $errors'?

[djr33]

If ($x!='somevalue') { $errors[] = 'X is not somevalue'; }


Or anything like that.

You need to code every single input to what you want it to be. You can of course ignore inputs that you don't care about (like optional fields).


Every input will vary and you need to figure out how to verify each correctly (logically). For example, some should not be blank (a message), some should match a pattern (email), some should be 1 not 0 (agreeing to TOS), some should be numbers, some should not be longer than 100 characters, etc.

If you need help with a specific input let us know and we can suggest how to verify it.